Overview
- Description
- A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information from process memory or cause a crash.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:P
Weaknesses
- nvd@nist.gov
- CWE-125
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opendesign:drawings_sdk:2019:update1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D3AFC91-0661-4B93-A08F-E04C1C00DC0B"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:outside_in_technology:8.5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "10DD6CB3-ED55-465D-AB98-13EFD013AE47"
},
{
"criteria": "cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72F1A960-EBA5-4BDB-B629-20F0D2384562"
}
],
"operator": "OR"
}
]
}
]